Published by Wesley Hood. Modified over 6 years ago.
Slide 1: BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Raf Portnoy, SVP, Technology
Steve Sheinberg, General Counsel, SVP, Privacy & Security
Slide 2: THINKING ABOUT DATA GOVERNANCE
- Create employee policies and build a culture that recognizes that employees are the main threat vector.
- Teach employees, especially about social engineering.
- Talk to the CIO.
- Get your board on board.
- Get good agreements with vendors and key employees.
- Plan well and strive for cyber resiliency.
- Update software, install patches, remove non-approved software and hardware.
- Follow the principle of least privilege.
- Use two-factor authentication.
- Ensure that your physical security is sufficient.
- Encrypt all data, period.
- Segregate differing data onto separate networks.
- Monitor network traffic.
{Most of this is policy, not tech, driven}
Sheinberg and Portnoy
Slide 3: Asking: who is storing what information and where…
- GOVERN: follow information governance best practices
- DETERMINE: which data you need to protect
- IDENTIFY: the data you have
Consider the risk of loss: political, ethical, social, legal. How will you protect your data going forward?
Slide 4: Mission
Mission: The mission of the Information Security and Privacy Program is to provide exceptional, secure infrastructure support and innovation in the delivery of information technology security products and services to Your Organization staff and clients. Improve cyber security awareness and data asset management. Protect information and systems to ensure that the confidentiality, integrity, and availability of all information is consistent with mission needs, internal and external threats, information value, and industry compliance.
Slide 5: Information Security Needs
The number and complexity of information security threats are increasing. Advanced Persistent Threats (APTs) have penetrated environments that were previously thought to have been adequately secured and can remain unnoticed for extended periods of time. Data system growth is compounding the need for increased security attention. Additionally, mobile security, cloud security, big data security, and social media security are now “today’s problems.”
Slide 6: Information Security Needs
How do we know this is enough?
- We are employing cybersecurity best practices.
- We are following the recommendations made by our IT auditors.
- We are following recommendations by our Security Compliance consultants.
Slide 7: Information Security Program
- Confidentiality – client, employee and organizational information
- Integrity – consistent and accurate data
- Availability – easily and safely accessible information
Supporting pillars: Identity & Access Management; Security Strategy & Communication; Security Policy & Procedures; Security Culture & Awareness
Slide 8: Information Security Program
Traditional cyber security triangle: Confidentiality, Integrity, Availability
Supporting pillars: Identity & Access Management; Security Strategy & Communication; Security Policy & Procedures; Security Culture & Awareness
Cybersecurity Framework core: Identify, Protect, Detect, Recover, Restore
Slide 9: Information Security Measures
- Network Vulnerability Assessment: annual independent analysis that identifies and quantifies security vulnerabilities on network systems
- IT Systems Disaster Recovery: well-defined, documented policies and procedures on how to re-establish access to IT services in case of a disaster
- Network access and file monitoring: real-time alerts and logs upon changes to confidential folders or user accounts
- Encryption: secure messages and information
- Mobile Device Management: manage mobile devices, ensuring that data on them is secured
- Private Printing: secure printing to most network printers
- Single Sign-On: access multiple applications with one credential
- Secure Remote Access: secure and seamless remote access
- Desktop and Server Management: patch and update desktops and servers; software deployment and configuration management
- Restricted Access to Client Management Systems (CMS): access restricted to within the organization’s network
- Cybersecurity Awareness Program: training and communiqués
Slide 10: Thank you! Questions?